home

caop_.exe

Peter Sulik

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application caop_.exe by Peter Sulik has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Peter Sulik  (signed and verified)

MD5:
76a2d0a630f037a7ea85dce3ee5caf9a

SHA-1:
1ca0bcb8ff47e6b9ef314ea7669a972dce240e66

SHA-256:
1c895fc4887d12838bb692d79ae643715880f03cbab40d82aeeff37755006b04

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/16/2024 10:49:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WebPick (M)
16.12.31.1

File size:
726.5 KB (743,888 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\caop_.exe

Digital Signature
Signed by:
Peter Sulik

Authority:
COMODO CA Limited

Valid from:
11/27/2013 1:00:00 AM

Valid to:
11/28/2014 12:59:59 AM

Subject:
CN=Peter Sulik, O=Peter Sulik, STREET=Izyumskaya 11, L=Kiev, S=Kiev, PostalCode=03039, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51664A6CB00BE789CB474E7F25A72C4D

File PE Metadata
Compilation timestamp:
9/29/2013 3:08:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x14438

Entry point:
E8, 04, 41, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, 8F, 42, 00, E8, B2, 06, 00, 00, E8, D1, 42, 00, 00, 0F, B7, F0, 6A, 02, E8, 97, 40, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E8, 0C, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
133.5 KB (136,704 bytes)

Remove caop_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.